The rapid adoption of mobile devices, such as smart phones and tablets, has created a huge market for all kinds of mobile services. Users can download applications from application stores (or markets), install them onto their mobile devices, and consume services through these applications.
A mobile application is software stored and executed on a mobile device. On the one hand, users demand convenience, a good user experience, and performance. To satisfy these demands, many mobile applications keep certain connection data (such as an access token) and/or user credentials (such as a password) in their local storage and in memory at runtime. In this way, a user normally just taps the application and uses it. On the other hand, attackers have turned their attention to mobile devices. They have deployed a variety of ways of distributing malware to, or rooting, users' mobile devices. This allows them to modify or steal whatever is important on users' devices.
One particular problem is cloned applications. Anyone can download a mobile application from an application store, so cloning the application itself is not the problem in this context. The concerns are the user credentials and other data, such as authentication tokens, access tokens, and API keys, which mobile applications use to interact with the remote servers of mobile services. A clone in this context means that the mobile application, user credentials, and application data are all copied to another device, and that they are sufficient for the cloned mobile application to run on the other device in the name of the original user.
The same issue with application cloning may be encountered with other types of devices.
There is a need to mitigate problems caused by application cloning.